Skip to content
Coldrune

AI Agent Integration

AI coding agents (Claude Code, Cursor, Copilot) often need access to secrets — API keys, database credentials, tokens — without those values leaking into prompts, logs, or generated code.

Coldrune provides two integration paths:

Section titled “MCP (recommended)”

The Coldrune MCP server exposes 15 tools over the Model Context Protocol. Agents can read secrets, manage projects, and query audit logs through structured tool calls.

Benefits:

  • Secrets stay server-side — agents receive values only when explicitly requested
  • Agents can create projects, environments, and manage infrastructure
  • Full audit trail of agent actions
  • Works with any MCP-compatible client

CLI

Section titled “CLI”

Agents can also call the coldrune CLI directly. Authenticate with a service account API key:

export COLDRUNE_API_KEY=cr_sa_...
coldrune secret get DB_PASSWORD --org my-org --project api --env dev

Or use coldrune run to inject secrets into a subprocess:

coldrune run --org my-org --project api --env dev -- ./migrate.sh

Authentication for agents

Section titled “Authentication for agents”
MethodUse case
Service account (COLDRUNE_API_KEY)CI/CD, automated scripts, agents
Session tokenInteractive human use

Service accounts are recommended for agents. They:

  • Don’t require interactive login
  • Can be scoped to a specific project
  • Always require explicit ACL rules (deny-by-default)
  • Leave clear audit trails identifying the service account

Create one:

coldrune service-account create --org my-org --name claude-agent
coldrune acl grant --org my-org --subject claude-agent --project "*" --env "*" --permission read

Machine-readable docs

Section titled “Machine-readable docs”

Coldrune serves machine-readable documentation at:

  • /llms.txt — curated index of key documentation pages
  • /llms-full.txt — full documentation concatenated as plain text

See llms.txt & AGENTS.md for details.